Tom Lane wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> Peter Eisentraut wrote:
>>> These services either use a protected port or a protected directory, or they
>>> support SSL or something similar (SSH), or they are deprecated, as many
>>> traditional Unix services are. If you find a service that is not covered by
>>> this, then yes, you have a problem.
>
>> It's certainly the default on my SQL Servers. And Sybase. AFAIK it's the
>> default on MySQL,
>
> Nyet. I find this in configure.in in mysql 5.0.45 (reasonably current):
>
> # The port should be constant for a LONG time
> MYSQL_TCP_PORT_DEFAULT=3306
> MYSQL_UNIX_ADDR_DEFAULT="/tmp/mysql.sock"
>
> I see that Red Hat's RPM specfile overrides that:
> --with-unix-socket-path=/var/lib/mysql/mysql.sock
> which was a decision that was taken long before I had anything to do
> with it. Note that neither the out-of-the-box default nor the
> RH-modified convention appear to support multiple servers on the same
> box with any degree of convenience; the server doesn't adjust the path
> name depending on port number.
I was referring to the listening on TCP connections over localhost
without SSL. Port 3306 isn't protected AFAIK, and there's nothing in
those lines that says it's SSL only. But then again, neither is the
/tmp/mysql.sock file. Am I missing something here, or did you just post
a piece of configure that *agreed* with what I said? ;-)
//Magnus